CVE-2025-5397
published 2025-10-31

Priority: P1 · 85 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In the wild: VulnCheck KEV · Exploited in the wild
EPSS: 1.00% (58.6th percentile)
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note that social login needs to be enabled in order for a site to be impacted by this vulnerability.

Detection & IOCs (extracted from sources)

  • The vulnerability is in the theme's check_login() function, which fails to properly verify a user's identity before authenticating it. check_login() is a PHP function, not a URL, so there is no request path to match directly; monitor instead for unauthenticated requests into the theme's social-login flow, which is where the function is reached.
  • Exploitation requires social login to be enabled on the target site. Audit WordPress sites running JobMonster for enabled social login as a precondition indicator: a site with it disabled is not impacted, whatever its version.
  • Active in-the-wild exploitation has been observed. Review access logs for suspicious authentication events on sites running JobMonster ≤ 4.8.1, in particular clients that reach administrative pages successfully without any preceding login, and verify the administrative user list for accounts or sessions you do not recognize.
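
The two checks above (affected version, and unauthenticated clients reaching wp-admin) as a small triage script. This is an added example, not code from this database, from the theme vendor, or from any scanner; the log format it parses and the sample log lines are constructed for the example, and the heuristic for "unauthenticated admin access" (a 200 from a /wp-admin/ page with no earlier POST to wp-login.php from the same client) is an assumption about what such sessions look like in a web server log, not an indicator published with the CVE.

```python
"""Triage helpers for CVE-2025-5397 (Noo JobMonster theme <= 4.8.1).

Added example; not code from the vulnerability database, from the theme
vendor, or from any scanner. The log format and the sample log lines
below are constructed for the example.
"""
import re

# "all versions up to, and including, 4.8.1" (from the advisory text)
MAX_AFFECTED = (4, 8, 1)

# WordPress endpoints under /wp-admin/ that answer 200 to anonymous
# visitors by design; they carry no signal for this heuristic.
ANON_OK = {"admin-ajax.php", "admin-post.php"}

# Apache combined-style line: ip, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version):
    """Turn '4.8.1' / '4.10' / '4.8.1-beta' into a 3-tuple of ints.

    Numeric comparison matters: as strings, '4.10' < '4.8.1', which would
    wrongly mark a hypothetical patched 4.10 install as affected.
    """
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version):
    """True when the installed theme version is <= 4.8.1."""
    return parse_version(version) <= MAX_AFFECTED


def find_unauthenticated_admin_access(log_lines):
    """Heuristic for the 'unauthenticated sessions gaining admin access' IOC.

    Flags client IPs that receive HTTP 200 from a /wp-admin/ page without a
    prior POST to wp-login.php in the same log. Anonymous visitors normally
    get a 302 to the login page, so a 200 with no login behind it is worth a
    look. Caveat: legitimate social-login sessions also skip wp-login.php,
    so treat hits as candidates for review, not as confirmed compromise.
    """
    logged_in = set()
    suspects = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.group("ip", "method", "path", "status")
        path = path.split("?", 1)[0]
        if method == "POST" and path.endswith("/wp-login.php"):
            logged_in.add(ip)
        elif (
            path.startswith("/wp-admin/")
            and path.rsplit("/", 1)[-1] not in ANON_OK
            and status == "200"
            and ip not in logged_in
            and ip not in suspects
        ):
            suspects.append(ip)
    return suspects


# Constructed sample log (trimmed Apache combined format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Oct/2025:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.5 - - [31/Oct/2025:10:00:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/Oct/2025:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=x HTTP/1.1" 200 17',
    '192.0.2.44 - - [31/Oct/2025:10:08:00 +0000] "GET /wp-admin/ HTTP/1.1" 302 0',
    '198.51.100.9 - - [31/Oct/2025:10:09:30 +0000] "GET /wp-admin/users.php HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for v in ("4.8.1", "4.8.2", "4.10"):
        print(v, "affected" if is_affected(v) else "not affected")
    print("review these clients:", find_unauthenticated_admin_access(SAMPLE_LOG))
```

In the sample log only 198.51.100.9 is returned: 203.0.113.5 logged in first, 198.51.100.7 only hit admin-ajax.php, and 192.0.2.44 got the normal 302 redirect. On a site that legitimately uses social login, expect every social-login user to appear in the output; the list is a starting point for reviewing who those clients are and what they did in wp-admin, not a verdict.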

CVSS provenance

NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL